Package org.apache.openjpa.lib.util

Class J2DoPrivHelper

java.lang.Object
org.apache.openjpa.lib.util.J2DoPrivHelper
public abstract class J2DoPrivHelper extends Object
Helper class to obtain the Privilege(Exception)Action object to perform Java 2 doPrivilege security sensitive function call in the following methods:
  • AccessibleObject.setAccessible
  • Class.forName
  • Class.getClassLoader
  • Class.getDeclaredField
  • Class.getDeclaredFields
  • Class.getDeclaredMethod
  • Class.getDeclaredMethods
  • Class.getProtectionDomain
  • Class.getResource
  • Class.newInstance
  • ClassLoader.getParent
  • ClassLoader.getResource
  • ClassLoader.getResources
  • ClassLoader.getSystemClassLoader
  • File.deleteOnExit
  • File.delete
  • File.exists
  • File.getAbsoluteFile
  • File.getAbsolutePath
  • File.getCanonicalPath
  • File.listFiles
  • File.length
  • File.isDirectory
  • File.mkdirs
  • File.renameTo
  • File.toURL
  • FileInputStream new
  • FileOutputStream new
  • System.getProperties
  • InetAddress.getByName
  • MultiClassLoader new
  • ServerSocket new
  • Socket new
  • Socket.accept
  • System.getProperty
  • Thread.getContextClassLoader
  • Thread.setContextClassLoader
  • Thread new
  • TemporaryClassLoader new
  • URL.openStream
  • URLConnection.getContent
  • ZipFile new
  • AnnotatedElement.getAnnotations
  • AnnotatedElement.getDeclaredAnnotations
  • AnnotatedElement.isAnnotationPresent
  • jakarta.validation.Validator.validate
  • jakarta.validation.Validation.buildDefaultValidatorFactory
If these methods are used, the following sample usage patterns should be followed to ensure proper privilege is granted: 
 1) No security risk method call. E.g.

    private static final String SEP = J2DoPrivHelper.getLineSeparator();

 2) Methods with no exception thrown. PrivilegedAction is returned from
    J2DoPrivHelper.*Action(). E.g.

    ClassLoader loader = AccessController.doPrivileged(
                             J2DoPrivHelper.getClassLoaderAction(clazz));

    ClassLoader loader = (ClassLoader) (System.getSecurityManager() == null)
                         ? clazz.getClassLoader()
                         : AccessController.doPrivileged(
                             J2DoPrivHelper.getClassLoaderAction(clazz));
 3) Methods with exception thrown. PrivilegedExceptionAction is returned
    from J2DoPrivHelper.*Action(). E.g.

    try {
      method = AccessController.doPrivileged(
        J2DoPrivHelper.getDeclaredMethodAction(clazz, name, parameterType));
    } catch (PrivilegedActionException pae) {
      throw (NoSuchMethodException) pae.getException();
    }

    try {
      method = (System.getSecurityManager() == null)
        ? clazz.getDeclaredMethod(name,parameterType)
        : AccessController.doPrivileged(
            J2DoPrivHelper.getDeclaredMethodAction(
              clazz, name, parameterType));
    } catch (PrivilegedActionException pae) {
        throw (NoSuchMethodException) pae.getException()
    }
Author:
Albert Lee

  • Constructor Details

    • J2DoPrivHelper

      public J2DoPrivHelper()

  • Method Details

    • getLineSeparator

      public static String getLineSeparator()
      Return the value of the "line.separator" system property. Requires security policy: 'permission java.util.PropertyPermission "read";'

    • getPathSeparator

      public static String getPathSeparator()
      Return the value of the "path.separator" system property. Requires security policy: 'permission java.util.PropertyPermission "read";'

    • setAccessibleAction

      public static PrivilegedAction<Object> setAccessibleAction(AccessibleObject aObj, boolean flag)
      Return a PrivilegeAction object for aObj.setAccessible(). Requires security policy: 'permission java.lang.reflect.ReflectPermission "suppressAccessChecks";'

    • getForNameAction

      public static PrivilegedExceptionAction<Class<?>> getForNameAction(String className, boolean initializeBoolean, ClassLoader classLoader)
      Return a PrivilegeAction object for Class.forName(). Notes: doPriv of Class.forName call is required only if the input classloader argument is null. E.g. Class.forName("x", false, Collection.class.getClassLoader()); Requires security policy: 'permission java.lang.RuntimePermission "getClassLoader";'
      Returns:
      Class

    • getClassLoaderAction

      public static PrivilegedAction<ClassLoader> getClassLoaderAction(Class<?> clazz)
      Return a PrivilegeAction object for clazz.getClassloader(). Notes: No doPrivilege wrapping is required in the caller if: "the caller's class loader is not null and the caller's class loader is not the same as or an ancestor of the class loader for the class whose class loader is requested". E.g. this.getClass().getClassLoader(); Requires security policy: 'permission java.lang.RuntimePermission "getClassLoader";'
      Returns:
      Classloader

    • getDeclaredFieldAction

      public static PrivilegedExceptionAction<Field> getDeclaredFieldAction(Class<?> clazz, String name)
      Return a PrivilegedExceptionAction object for clazz.getDeclaredField(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
      Returns:
      Field
      Throws:
      NoSuchFieldException

    • getDeclaredFieldsAction

      public static PrivilegedAction<Field[]> getDeclaredFieldsAction(Class<?> clazz)
      Return a PrivilegeAction object for class.getDeclaredFields(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
      Returns:
      Field[]

    • getDeclaredMethodAction

      public static PrivilegedExceptionAction<Method> getDeclaredMethodAction(Class<?> clazz, String name, Class<?>[] parameterTypes)
      Return a PrivilegedExceptionAction object for clazz.getDeclaredMethod(). Requires security policy 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
      Returns:
      Method
      Throws:
      NoSuchMethodException

    • getDeclaredMethodsAction

      public static PrivilegedAction<Method[]> getDeclaredMethodsAction(Class<?> clazz)
      Return a PrivilegeAction object for clazz.getDeclaredMethods(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
      Returns:
      Method[]

    • getResourceAction

      public static PrivilegedAction<URL> getResourceAction(Class<?> clazz, String resource)
      Return a PrivilegeAction object for clazz.getResource(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      URL

    • newInstanceAction

      public static <T> PrivilegedExceptionAction<T> newInstanceAction(Class<T> clazz) throws IllegalAccessException, InstantiationException
      Return a PrivilegedExceptionAction object for clazz.newInstance(). Requires security policy: 'permission java.lang.RuntimePermission "getClassLoader";'
      Returns:
      A new instance of the provided class.
      Throws:
      IllegalAccessException
      InstantiationException

    • getProtectionDomainAction

      public static PrivilegedAction<ProtectionDomain> getProtectionDomainAction(Class<?> clazz)
      Return a PrivilegeAction object for class.getProtectionDomain(). Requires security policy: 'permission java.lang.RuntimePermission "getProtectionDomain";'
      Returns:
      ProtectionDomain

    • getParentAction

      public static PrivilegedAction<ClassLoader> getParentAction(ClassLoader loader)
      Return a PrivilegeAction object for loader.getParent(). Requires security policy: 'permission java.lang.RuntimePermission "getClassLoader";'
      Returns:
      ClassLoader

    • getResourceAction

      public static PrivilegedAction<URL> getResourceAction(ClassLoader loader, String resource)
      Return a PrivilegeAction object for loader.getResource(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      URL

    • getResourcesAction

      public static PrivilegedExceptionAction<Enumeration<URL>> getResourcesAction(ClassLoader loader, String resource) throws IOException
      Return a PrivilegedExceptionAction object for loader.getResources(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      Enumeration
      Throws:
      IOException

    • getSystemClassLoaderAction

      public static PrivilegedAction<ClassLoader> getSystemClassLoaderAction()
      Return a PrivilegeAction object for ClassLoader.getSystemClassLoader(). Requires security policy: 'permission java.lang.RuntimePermission "getClassLoader";'
      Returns:
      ClassLoader

    • deleteAction

      public static PrivilegedAction<Boolean> deleteAction(File f)
      Return a PrivilegeAction object for f.delete(). Requires security policy: 'permission java.io.FilePermission "delete";'
      Returns:
      Boolean

    • existsAction

      public static PrivilegedAction<Boolean> existsAction(File f)
      Return a PrivilegeAction object for f.exists(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      Boolean

    • deleteOnExitAction

      public static PrivilegedAction<Boolean> deleteOnExitAction(File f)
      Return a PrivilegeAction object for f.deleteOnExit(). Requires security policy: 'permission java.io.FilePermission "delete";'

    • getAbsoluteFileAction

      public static PrivilegedAction<File> getAbsoluteFileAction(File f)
      Return a PrivilegeAction object for f.getAbsoluteFile(). Requires security policy: 'permission java.util.PropertyPermission "read";'
      Returns:
      File

    • getAbsolutePathAction

      public static PrivilegedAction<String> getAbsolutePathAction(File f)
      Return a PrivilegeAction object for f.getAbsolutePath(). Requires security policy: 'permission java.util.PropertyPermission "read";'
      Returns:
      String

    • getCanonicalPathAction

      public static PrivilegedExceptionAction<String> getCanonicalPathAction(File f) throws IOException
      Return a PrivilegedExceptionAction object for f.getCanonicalPath(). Requires security policy: 'permission java.util.PropertyPermission "read";'
      Returns:
      String
      Throws:
      IOException

    • isDirectoryAction

      public static PrivilegedAction<Boolean> isDirectoryAction(File f)
      Return a PrivilegeAction object for f.isDirectory(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      Boolean

    • isFileAction

      public static PrivilegedAction<Boolean> isFileAction(File f)
      Return a PrivilegeAction object for f.isFile(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      Boolean

    • lengthAction

      public static PrivilegedAction<Long> lengthAction(File f)
      Return a PrivilegeAction object for f.length(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      Long

    • listFilesAction

      public static PrivilegedAction<File[]> listFilesAction(File f)
      Return a PrivilegeAction object for f.listFiles(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      File[]

    • mkdirsAction

      public static PrivilegedAction<Boolean> mkdirsAction(File f)
      Return a PrivilegeAction object for f.mkdirs(). Requires security policy: 'permission java.io.FilePermission "write";'
      Returns:
      Boolean

    • renameToAction

      public static PrivilegedAction<Boolean> renameToAction(File from, File to)
      Return a PrivilegeAction object for f.renameTo(). Requires security policy: 'permission java.io.FilePermission "write";'
      Returns:
      Boolean

    • toURLAction

      public static PrivilegedExceptionAction<URL> toURLAction(File file) throws MalformedURLException
      Return a PrivilegedExceptionAction object for f.toURL(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      URL
      Throws:
      MalformedURLException

    • newFileInputStreamAction

      public static PrivilegedExceptionAction<FileInputStream> newFileInputStreamAction(File f) throws FileNotFoundException
      Return a PrivilegedExceptionAction object for new FileInputStream(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      FileInputStream
      Throws:
      FileNotFoundException

    • newFileOutputStreamAction

      public static PrivilegedExceptionAction<FileOutputStream> newFileOutputStreamAction(File f) throws FileNotFoundException
      Return a PrivilegedExceptionAction object for new FileOutputStream(). Requires security policy: 'permission java.io.FilePermission "write";'
      Returns:
      FileOutputStream
      Throws:
      FileNotFoundException

    • newFileOutputStreamAction

      public static PrivilegedExceptionAction<FileOutputStream> newFileOutputStreamAction(String f, boolean append) throws FileNotFoundException
      Return a PrivilegedExceptionAction object for new FileOutputStream(). Requires security policy: 'permission java.io.FilePermission "write";'
      Returns:
      FileOutputStream
      Throws:
      FileNotFoundException

    • getByNameAction

      public static PrivilegedExceptionAction<InetAddress> getByNameAction(String hostname) throws UnknownHostException
      Return a PrivilegedExceptionAction object for InetAdress.getByName(). Requires security policy: 'permission java.net.SocketPermission "connect";'
      Returns:
      InetAddress
      Throws:
      UnknownHostException

    • newSocketAction

      public static PrivilegedExceptionAction<Socket> newSocketAction(InetAddress host, int port) throws IOException
      Return a PrivilegedExceptionAction object for new Socket(). Requires security policy: 'permission java.net.SocketPermission "connect";'
      Returns:
      Socket
      Throws:
      IOException

    • newServerSocketAction

      public static PrivilegedExceptionAction<ServerSocket> newServerSocketAction(int port) throws IOException
      Return a PrivilegedExceptionAction object for new ServerSocket(). Requires security policy: 'permission java.net.SocketPermission "listen";'
      Returns:
      ServerSocket
      Throws:
      IOException

    • acceptAction

      public static PrivilegedExceptionAction<Socket> acceptAction(ServerSocket ss) throws IOException
      Return a PrivilegedExceptionAction object for ServerSocket.accept(). Requires security policy: 'permission java.net.SocketPermission "listen";'
      Returns:
      Socket
      Throws:
      IOException

    • getPropertiesAction

      public static PrivilegedAction<Properties> getPropertiesAction()
      Return a PrivilegeAction object for System.getProperties(). Requires security policy: 'permission java.util.PropertyPermission "read";'
      Returns:
      Properties

    • getPropertyAction

      public static PrivilegedAction<String> getPropertyAction(String name)
      Return a PrivilegeAction object for System.getProperty(). Requires security policy: 'permission java.util.PropertyPermission "read";'
      Returns:
      String

    • getPropertyAction

      public static PrivilegedAction<String> getPropertyAction(String name, String def)
      Return a PrivilegeAction object for System.getProperty(). Requires security policy: 'permission java.util.PropertyPermission "read";'
      Returns:
      String

    • getContextClassLoaderAction

      public static PrivilegedAction<ClassLoader> getContextClassLoaderAction()
      Return a PrivilegeAction object for Thread.currentThread .getContextClassLoader(). Requires security policy: 'permission java.lang.RuntimePermission "getClassLoader";'
      Returns:
      ClassLoader

    • setContextClassLoaderAction

      public static PrivilegedAction<Boolean> setContextClassLoaderAction(ClassLoader loader)
      Return a PrivilegeAction object for Thread.currentThread .setContextClassLoader(). Requires security policy: 'permission java.lang.RuntimePermission "setContextClassLoader";'
      Returns:
      ClassLoader

    • newDaemonThreadAction

      public static PrivilegedAction<Thread> newDaemonThreadAction(Runnable target, String name)
      Return a PrivilegedAction object for new Thread(). Requires security policy: 'permission java.lang.RuntimePermission "modifyThreadGroup";' 'permission java.lang.RuntimePermission "modifyThread";'
      Returns:
      Thread

    • openStreamAction

      public static PrivilegedExceptionAction<InputStream> openStreamAction(URL url) throws IOException
      Return a PrivilegedExceptionAction object for url.openStream(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      InputStream
      Throws:
      IOException

    • getContentAction

      public static PrivilegedExceptionAction<Object> getContentAction(URLConnection con) throws IOException
      Return a PrivilegedExceptionAction object con.getContent(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      Object
      Throws:
      IOException

    • newZipFileAction

      public static PrivilegedExceptionAction<ZipFile> newZipFileAction(File f) throws IOException
      Return a PrivilegedExceptionAction object for new ZipFile(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      ZipFile
      Throws:
      IOException

    • getJarFileAction

      public static PrivilegedExceptionAction<JarFile> getJarFileAction(JarURLConnection con) throws IOException
      Return a PrivilegedExceptionAction object for con.getJarFile(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      JarFile
      Throws:
      IOException

    • getJarEntryAction

      public static PrivilegedExceptionAction<JarEntry> getJarEntryAction(JarURLConnection con) throws IOException
      Return a PrivilegedExceptionAction object for con.getJarEntry(). Requires security policy: 'permission java.io.FilePermission "read";'
      Returns:
      JarEntry
      Throws:
      IOException

    • newTemporaryClassLoaderAction

      public static PrivilegedAction<TemporaryClassLoader> newTemporaryClassLoaderAction(ClassLoader parent)
      Return a PrivilegeAction object for new TemporaryClassLoader(). Requires security policy: 'permission java.lang.RuntimePermission "createClassLoader";'
      Returns:
      TemporaryClassLoader

    • newMultiClassLoaderAction

      public static PrivilegedAction<MultiClassLoader> newMultiClassLoaderAction()
      Return a PrivilegeAction object for new MultiClassLoader(). Requires security policy: 'permission java.lang.RuntimePermission "createClassLoader";'
      Returns:
      MultiClassLoader

    • getAnnotationsAction

      public static PrivilegedAction<Annotation[]> getAnnotationsAction(AnnotatedElement element)
      Return a PrivilegeAction object for AnnotatedElement.getAnnotations(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
      Returns:
      Annotation[]

    • getDeclaredAnnotationsAction

      public static PrivilegedAction<Annotation[]> getDeclaredAnnotationsAction(AnnotatedElement element)
      Return a PrivilegeAction object for AnnotatedElement.getDeclaredAnnotations(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
      Returns:
      Annotation[]

    • isAnnotationPresentAction

      public static PrivilegedAction<Boolean> isAnnotationPresentAction(AnnotatedElement element, Class<? extends Annotation> annotationClazz)
      Return a PrivilegeAction object for AnnotatedElement.isAnnotationPresent(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
      Returns:
      Boolean

    • getAnnotationAction

      public static <T extends Annotation> PrivilegedAction<T> getAnnotationAction(AnnotatedElement element, Class<T> annotationClazz)
      Return a PrivilegedAction object for AnnotatedElement.getAnnotation(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
      Returns:
      Annotation

    • validateAction

      public static <T> PrivilegedAction<Set<jakarta.validation.ConstraintViolation<T>>> validateAction(jakarta.validation.Validator validator, T arg0, Class<?>[] groups)
      Return a PrivilegeAction object for jakarta.validation.Validator.validate(). Requires security policy: 'permission java.lang.RuntimePermission "accessDeclaredMemeber";'

    • buildDefaultValidatorFactoryAction

      public static <T> PrivilegedAction<jakarta.validation.ValidatorFactory> buildDefaultValidatorFactoryAction()
      Return a PrivilegeAction object for jakarta.validation.Validation.buildDefaultValidatorFactory(). Requires security policy: 'permission java.lang.RuntimePermission "createClassLoader";'

    • createURL

      public static PrivilegedExceptionAction<URL> createURL(String url) throws MalformedURLException
      Throws:
      MalformedURLException